package cn.wolfcode.crm.shiro;

import cn.wolfcode.crm.domain.Employee;
import cn.wolfcode.crm.domain.Permission;
import cn.wolfcode.crm.domain.Role;
import cn.wolfcode.crm.mapper.EmployeeMapper;
import cn.wolfcode.crm.mapper.PermissionMapper;
import cn.wolfcode.crm.mapper.RoleMapper;
import cn.wolfcode.crm.service.IEmployeeService;
import cn.wolfcode.crm.service.IPermissionService;
import cn.wolfcode.crm.service.IRoleService;
import cn.wolfcode.crm.util.EmployeeUtil;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.util.List;

@Component
public class CrmRealm extends AuthorizingRealm {
    @Autowired
    private EmployeeMapper employeeMapper;
    @Autowired
    private PermissionMapper permissionMapper;
    @Autowired
    private RoleMapper roleMapper;


    /**
     * 提供权限信息给shiro
     *
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //返回的结果就代表当前subject拥有的权限/角色
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        /*info.addRole("HR");
        info.addStringPermission("employee:sa   ve");*/
        //获取当前员工对象id
        Employee employee = EmployeeUtil.getEmployee();
        //根据员工id去查询员工角色
        if (!employee.isAdmin()) {
            List<Role> roles = roleMapper.otherSqlByRoleId(employee.getId());
            for (Role role : roles) {
                info.addRole(role.getSn());
            }
            //根据员工id去查询员工权限
            List<String> permissions = permissionMapper.queryByEmployeeId(employee.getId());
            info.addStringPermissions(permissions);
        } else {
            info.addStringPermission("*:*");
            //方便以后判断管理员
            info.addRole("ADMIN");
        }
        return info;
    }

    /**
     * 提供认证信息给shiro
     *
     * @param authenticationToken
     * @return
     * @throws AuthenticationException 该方法的返回值决定了是否会抛出UnknownAccountException异常
     *                                 如果返回null，shiro就会抛出异常
     *                                 如果返回对象，shiro就会从对象里面拿出真正的密码，结合token中的密码去判断
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        /*UsernamePasswordToken usernamePasswordToken = ((UsernamePasswordToken) authenticationToken);
        usernamePasswordToken.getUsername();*/
        //拿到令牌里面的用户名，有可能是错的
        String username = authenticationToken.getPrincipal().toString();
        //根据username去数据库查询是否有数据，如果有就能拿到员工对象
        Employee employee = employeeMapper.selectByName(username);
        if (employee != null) {
            return new SimpleAuthenticationInfo(employee, employee.getPassword(), this.getName());
        }
        //返回的对象一定包含用户真正的密码，提供给shiro去判断
        return null;
    }
}
